Malware Found in WordPress Theme – Protect Yourself Now

The article sums up his revealing analysis of how malware code in a Theme integrates itself into your site, even down to the server level, through a twisting path of imaginative code. The code reminds me of the insidious bombs featured in an episode of Star Trek: Deep Space Nine called “Houdinis.” The bombs vanished in and out of subspace, each less than a meter from another one in a grid. At any time one could appear and explode if it detected movement near it, surprising and killing the victims. This code can activate, do its damage, then erase its tracks, making it tough to detect, test for, and eliminate.

The article also offers some tips and WordPress Plugins for checking your site for security vulnerabilities, as well as ways to test a Theme before you become too invested in it. There is no foolproof, one-step fix yet, though many people are working on advanced site armor and prevention tools, which I will cover in an upcoming article on WordCast.

In general, use the built-in auto-update feature to upgrade WordPress immediately when a mandatory security update is released, and keep your Themes and Plugins upgraded as well.

Remember, prevention is cheaper and easier than dealing with a hack after the fact.

We live in “interesting times,” and I dream of the day when those who dance with the dark put their creative energy, discipline and determination into projects of light, peace, and joy…and that good would pay better than bad.

Otto covered this topic a few days ago and it impressed me; now this from you, Lorelle, and it’s definitely worth reading and spreading around. People who want free themes should be very careful when downloading them from shady sites; any theme in which, for example, footer.php isn’t readable should be a good sign that something is wrong, and in many cases a regular user will have no knowledge of this.

When you download a “free” theme you get much more than just a theme.

It’s almost always a good idea to get your theme from people that everyone knows; an even bigger plus is if their site is listed on WordPress.
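A practitioner's version of the "is footer.php readable?" check from the comment above, and of the article's advice to test a Theme before you become invested in it, as an added example that is not part of the original post or its comments and is not the code of any WordPress plugin: a small Python scanner that walks a theme directory and flags the patterns commonly used to hide injected code (eval of decoded strings, long base64 blobs, preg_replace with the /e modifier, remote fetches, hidden links, lines too long to be meant for human eyes). The indicator list and the 200-character line threshold are my assumptions, and the two sample themes (one clean, one trojaned) are constructed inline so the scan runs offline.

```python
"""Heuristic scan of a WordPress theme directory for obfuscated or hidden code.

Added example: the indicator list is an assumption chosen for illustration,
not a rule from the article or from any WordPress project, and the theme files
are constructed inline so the scan runs offline.
"""
import base64
import os
import re
import tempfile

# Indicator name -> regex. A hit is a reason to read the file by hand, not proof
# of malware: legitimate code occasionally uses base64_decode too.
INDICATORS = {
    "eval_call": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "decompress_call": re.compile(r"\b(?:gzinflate|gzuncompress|gzdecode)\s*\("),
    "str_rot13": re.compile(r"\bstr_rot13\s*\("),
    # preg_replace with the /e modifier executes the replacement string as PHP.
    "preg_replace_e": re.compile(r"preg_replace\s*\(\s*['\"]/.*?/[A-Za-z]*e[A-Za-z]*['\"]"),
    "long_base64_blob": re.compile(r"[A-Za-z0-9+/]{120,}={0,2}"),
    "remote_fetch": re.compile(r"\b(?:file_get_contents|curl_init)\s*\(\s*['\"]https?://"),
    "hidden_link": re.compile(r"display\s*:\s*none[^>]*>\s*<a\b", re.IGNORECASE),
}
LONG_LINE_CHARS = 200  # assumed threshold for "this line was not written to be read"
SCAN_EXTENSIONS = (".php",)


def scan_file(path):
    """Return the sorted list of indicator names that fire on one file."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    if any(len(line) > LONG_LINE_CHARS for line in text.splitlines()):
        hits.add("very_long_line")
    return sorted(hits)


def scan_theme(theme_dir):
    """Walk a theme directory; return {relative path: [indicators]} for files with hits."""
    findings = {}
    for root, _dirs, files in os.walk(theme_dir):
        for name in files:
            if not name.lower().endswith(SCAN_EXTENSIONS):
                continue
            full = os.path.join(root, name)
            hits = scan_file(full)
            if hits:
                findings[os.path.relpath(full, theme_dir)] = hits
    return findings


# --- constructed sample themes -------------------------------------------------
CLEAN_FOOTER = """<?php
/** Constructed clean footer.php sample. */
?>
    <div id="footer">
        <p>&copy; <?php echo date('Y'); ?> <?php bloginfo('name'); ?></p>
        <?php wp_footer(); ?>
    </div>
</body>
</html>
"""

# Constructed hidden-link injector; it exists only to be base64-encoded below.
_PAYLOAD = (b"echo '<div style=\"display:none\"><a href=\"http://links.example.invalid/\">"
            b"constructed hidden link</a><a href=\"http://more.example.invalid/\">"
            b"another constructed link</a></div>';")
TROJANED_FOOTER = (
    '<?php $_x = base64_decode("' + base64.b64encode(_PAYLOAD).decode("ascii")
    + '"); eval($_x); ?>\n</body>\n</html>\n'
)
TROJANED_FUNCTIONS = r'''<?php
/** Constructed functions.php carrying several obfuscation patterns. */
$seed = file_get_contents('http://example.invalid/seed.txt');
$k = str_rot13('shapgvba');
$t = preg_replace("/(.*)/e", "strtoupper('\1')", $seed);
'''


def build_sample_themes():
    """Write one clean and one trojaned theme into a temp dir; return its path."""
    root = tempfile.mkdtemp(prefix="theme-scan-")
    themes = {
        "clean-theme": {"footer.php": CLEAN_FOOTER},
        "trojaned-theme": {"footer.php": TROJANED_FOOTER, "functions.php": TROJANED_FUNCTIONS},
    }
    for theme, files in themes.items():
        os.makedirs(os.path.join(root, theme))
        for name, body in files.items():
            with open(os.path.join(root, theme, name), "w", encoding="utf-8") as fh:
                fh.write(body)
    return root


def scan_samples():
    """Build the sample themes and scan each; return {theme name: findings}."""
    root = build_sample_themes()
    return {theme: scan_theme(os.path.join(root, theme)) for theme in sorted(os.listdir(root))}


if __name__ == "__main__":
    for theme, findings in scan_samples().items():
        print(theme, findings or "no indicators")
```

Run it against a real theme with `scan_theme("/path/to/wp-content/themes/some-theme")`; a clean theme should come back empty, and anything reported is a file to open and read before the theme goes anywhere near a live site.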

Thanks for sharing your thoughts about your article, Lorelle. It gives me another idea now to be more careful in choosing such Themes. I hope someone can create a plugin that acts like an anti-virus and protects our blog from any threats such as this one.

While I blog fairly exclusively about WordPress, such malware is not limited to the WordPress Community of products and services. In fact, it tends to be less common there than among a lot of other template suppliers for other publishing platforms and services.

It would more than likely be more effective to black-list these sites by domain, and not by theme name; for example, the theme in which this malware was found was originally legitimate and by and large still is.

The theme had been downloaded from the WordPress site and re-uploaded to the scammer’s site after he/she had placed the malware in it.

It would be more inconvenient for these scammers to change their site address than the theme name and costly too.

Some months back I told a friend that I suspected it was my WP plugin giving my blog malware. He was quite shocked. The only thing is, the plugin with the malware was not an SEO plugin. I am going to heed the advice of not downloading any plugin from outside WordPress.org. Also, do check that all files do not contain something like .ru or pantscow.ru. (My blog was hit with this twice. The second time I was hit, I simply upgraded and the malware was once again gone.)

As someone who has been hit by malware a bunch of times, I think Automattic should look into creating an App Store that features plugins and themes along the lines of what the iTunes store does. It would offer free and premium themes and plugins that would be tested before being accepted. It would give theme and plugin authors great visibility, could be easily integrated into the WordPress ecosystem, and would be a source of revenue for Automattic as well as the authors. They could even offer plugin packages for various combined functionality, again for a fee.

People who create malicious software really piss me off. Of course, now it’s no longer just a challenge to corrupt someone’s computer; there is the profit incentive behind it also. When the scammers start making money, we all lose. I use Malwarebytes to keep that crap out of my computer.

Yes and no. I’ve had clients with malware in WordPress Themes, and several Plugins that claimed to check thoroughly didn’t find it consistently, though the newer updated ones have improved. The issue is that truly criminal WordPress Theme and template providers have also improved their efforts.

And a Theme checker will not do much for a site infected by one of the malware trojans introduced by Themes, Plugins, and other methods that initiate and then cloak themselves, one that I’ve battled on a couple of sites. I long for the day when we have a tool that will dig in deep to find and prevent all of the evil on a WordPress blog. Until then, go with trusted resources and check using the tools available.

[…] around the world similar to the one that plagued many websites and blogs, including WordPress, a malware-style bot that can do damage and hide itself from detection, making it painful to remove. According to an announcement on ComputerWorld, the new massive botnet […]